Share via

Hi, I want to a confirmation if my azure pipeline is using GitHub app authentication after I integrate GitHub and azure pipelines using GitHub app authentication.

rajesh kumar 25 Reputation points
2026-03-09T12:44:04.0133333+00:00

Hi, I want to a confirmation if my azure pipeline is using GitHub app authentication after I integrate GitHub and azure pipelines using GitHub app authentication.

My pipeline passed but I nowhere see that the auth type is bearer or GitHub app but yes the service connection is using my GitHub app auth type. But in run logs I am not able to see. Can I confirm any other way

Azure DevOps

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Rakesh Mishra 7,380 Reputation points Microsoft External Staff Moderator
    2026-03-09T15:30:25.1666667+00:00

    Hi Rajesh,

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    It sounds like you want to be absolutely sure your pipeline is using the GitHub App rather than OAuth or a PAT. Azure Pipelines won’t stamp “GitHub App” or “Bearer” in every log line, but here are a few ways you can confirm:

    1. Check the Service Connection itself
      • Go to Project settings → Service connections in Azure DevOps.
      • Find your GitHub connection and open it – it’ll explicitly say “Authentication type: GitHub App.”
      User's image
    2. Look at the “Get sources” step in a pipeline run
      • In the pipeline’s run summary, expand the “Get sources” (checkout) step.
      • You’ll see the name of the service connection that was used. If that connection is your GitHub App connection, the pipeline is using the App under the covers.
    3. Inspect resources via REST API You can call the Builds – Get Resources API to see which service connections were used by a particular build: 
          GET https://dev.azure.com/{org}/{project}/_apis/build/builds/{buildId}/resources?api-version=7.1
      The response lists the serviceConnection resource and its ID – match that back to your GitHub App connection in the UI.
    4. Turn on debug logging for git checkout (optional) In your YAML, set variables: system.debug: true and add persistCredentials: true under the checkout step. The verbose logs will show the auth header being fetched from the service connection (though it won’t say “GitHub App,” you’ll see it coming from the connection you configured).

    If you still aren’t seeing what you expect, here are a couple of follow-up questions:

    1. Is your pipeline a classic build or YAML-based?
    2. Can you share a screenshot (or the exact name) of the service connection you selected under “Get sources”?
    3. Are you using Microsoft-hosted agents or self-hosted agents?
    4. Have you enabled system.debug and reviewed the checkout logs already?

    Hope this helps you verify your GitHub App integration!

    References

    Note: This content was drafted with the help of an AI system.

    0 comments
  2. Q&A Assist
    2026-03-09T12:44:16.4133333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    To confirm that an Azure Pipeline is using GitHub App authentication (and not OAuth or PAT), use one of these methods:

    1. From Azure Pipelines UI
      1. Open the pipeline and select Edit.
      2. Select Triggers to open the classic editor for the pipeline.
      3. Go to the YAML tab and select the Get sources step.
      4. In the banner Authorized using connection: select the linked service connection name.
      5. In the service connection properties, check the connection type:
        • Azure Pipelines app → GitHub App connection
        • oauth → OAuth connection
        • personalaccesstoken → PAT connection
      If it shows Azure Pipelines app, the pipeline is using GitHub App authentication, regardless of what appears in the run logs.
    2. From GitHub PR/commit status
      1. Open a pull request in the GitHub repository.
      2. On the Conversation tab, find the status entry from Azure Pipelines and select Details.
        • If Details redirects to the Checks tab, the status is a GitHub Check Run and the repo is using the GitHub App.
        • If Details redirects directly to the Azure DevOps pipeline run page, it is the older status style and the repo is using OAuth or PAT.

    Either of these methods provides confirmation without relying on log output.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.